This Week in Law 289 (Transcript)
Denise
Howell: Hi, folks. Denise
Howell here. And next up on This Week in Law, we've got Sarah Pearson, Duncan
Hollis, and Lauren Wilson joining me; and we've got so much great stuff that
you're going to hear about, including international cyber law and International
League of Cyber Avengers; Title II rises from the ashes in the net neutrality
debate; a duty to hack; and much, much more, next on This Week in Law.
Netcasts you love ... from people you trust. This
is TWIT! Bandwidth for This Week in Law is provided by Cachefly at
Cachefly.com.
Denise: This is TWIL, This Week in Law with Denise
Howell and Sarah Pearson, episode 289, recorded January 23, 2015
Cyberleague Are Go!
This episode of This Week in Law is brought to
you by FreshBooks, the simple cloud accounting solution perfect for your law
firm and any entrepreneur. Save time billing and get paid faster. Join the over
5 million users running their business with ease. Try it free at
FreshBooks.com/twil. And by Blue Apron. Blue Apron will send you all of the
ingredients to cook fresh, delicious meals with simple step-by-step
instructions right to your door. See what's on the menu this week and get your
first two meals free by going to BlueApron.com/twit. That's BlueApron.com/twit.
Hi, folks. I'm Denise Howell. Thank you so much
for joining us for This Week in Law. It's a big week for law and policy issues,
and we've got a big panel to help us understand the latest in what's going on
at the juncture of technology and law. Joining us from Temple University is
Duncan Hollis. Hello, Duncan, how are you?
Duncan
Hollis: I'm doing well, thanks.
Denise: I almost called you "Temple." That's
not going to work. (Laughs) Great to have you. Tell us a bit about your work at
Temple, what you're teaching there, etc.
Duncan: So I'm a professor of international law at the
law school here, and I teach courses on property international law; treaties;
and for, I guess, your viewers, cyber threats, or regulating cyber threats. And
that's most of my research.
Denise: So folks, for all those times when I and other
guests on the show are attempting to grapple with what's going on in
international law and how something might work one way in the United states and
you have no guarantee at all that it's going to work the same way anywhere else
— yay! We now have Duncan with us to help set us straight on all these fronts;
and more particularly, from events much in the news lately, try and help us
grapple with international cyber terrorism threats. So great to have you,
Duncan; you've been a long time coming. Your knowledge base has been a long
time coming to the show. (Laughs) So we're thrilled to be able to welcome you.
Also joining us from FreePress is Lauren Wilson. Lauren, great to have you.
Lauren
Wilson: Thank you for having
me, Denise.
Denise: And you could not be on the show at a more
timely moment in time, given everything that's going on with net neutrality and
how that is all coming to a head. Is that the main focus of your work these
days?
Lauren: It certainly has been the main focus of our
work for the past year and a half, I would say. But thankfully, things are
finally wrapping up, and it seems as if the Federal Communications Commission
is poised to do the right thing; so I'm very happy.
Denise: I'm happy, too, and I'm happy we have you to
help us understand because, as people who have watched the show over the last
couple of years know, net neutrality is not an easy topic; and it tends to get
reduced to sound bites that don't tell the whole story. So I'm glad that we can
have the time to go into it and try and understand a little more thoroughly
what is happening as this whole conversation starts to conclude. And joining us
back on the show is my new co-host, Sarah Pearson. It's great to have you back,
Sarah.
Sarah
Pearson: Thanks, Denise. I'm
really excited to be here.
Denise: People met Sarah a couple of times in 2014,
and she's kindly agreed to step into the shoes vacated by Evan Brown. They're
big shoes, I've got to say. (Laughs)
Sarah: They are; it's true. (Laughs)
Denise: But probably both physically and
metaphorically. (Laughs)
Sarah: (Laughs)
Denise: But we're so thrilled to have you, Sarah. And
we're going to have one more show next week where we won't have Sarah on; but
starting February 6, she's going to be regularly on the show, and I couldn't be
more pleased about it. It's great to have you.
Sarah: Thank you. I'm really excited about it, too.
Denise: All right. So we've got a lot of law and
policy stuff to discuss today; let's get right to it.
(The intro plays.)
Denise: Duncan, I think we'll start in your area of
expertise, if we could, with trying to get our arms around how the United
States and other countries are going to respond to the various cyber threats
that we're facing today. Overall, it seems like our ability to deal with those
threats, both on a law enforcement basis and on a law-making basis, is far
outstripped by the threats themselves, that what people are actually able to
accomplish or may be able to accomplish just kind of runs circles around our
ability to control or regulate it. So why don't you start by giving us sort of
the 10,000-foot view and your take on where we are now and what we can see
coming in the future.
Duncan: Sure. So I think where we are now is probably
not in a good place, you could say. 2014 was a pretty bad year for cyber
security, as we see a whole range of threats. Obviously, the Sony hack
popularized cyber security in ways only Angelina Jolie and Seth Rogen could;
but at the same time, all the data breaches — and then we have stories coming
out about Turkish pipelines being able to be exploded through hacking, such
that I think we're seeing, again, countries that were already focused on this
issue giving it even higher priority, perhaps most notably by the Obama/Cameron
meetings earlier this week, where both emphasized the need for new approaches
to cyber security. And so there's kind of a growing sense, as far as policy
makers are concerned, that more needs to be done. I think on the technical
side, we already have a range of computer emergency response teams; there are
certs that try and deal with the cross-border problems of all these sorts of —
not just cyber criminals, but also hacktivists; and probably of most concern to
folks these days is the militarization of cyber space, as we have now dozens
upon dozens of [inaudible] that are building capacity to go offensive in cyber.
As far as where the lawmaking's going, part of the issue right now is, we've
got kind of — I almost use the musical metaphor "cacophony," right,
that there's just all these different voices out there vying for authority,
saying, Hey, we should be the folks who decide this — whether it's the
International Telecommunications Union, which is an organization under the U.N.
umbrella; or older institutions like I Can; or more security-based
organizations. There's actually a group of government experts that meets at the
United Nations that's 20 countries represented; and they're nominally supposed
to be telling us what the rules are for cyberspace, particularly as it involves
states. And even more recently, there was this Net Mundial meeting last year in
Brazil; and the question is, what will that produce going forward in terms of
kind of what they call a multi-stakeholder model for cyber security and cyber
governance? And we're kind of at a point now where we've got a lot of
candidates for institutions that will help deal with these threats, and/or a
lot of candidates for what the norm should be; but we don't have a real sense
yet of which ones are going to win and which ones are going to lose. I don't
even know that we'll get to some single entity or institution; but we're seeing
kind of different camps sorting themselves out. So it's a complicated but
interesting time as far as international cyber security policy goes.
Denise: It is. It's complicated and interesting on so
many fronts that I scarcely even know where to begin. Maybe where we should
begin is getting your take on where you draw the line for criminalization. So
much of what people do online involves perhaps exploiting something that should
have been locked down but was left wide open; so if you're going to drive right
through that open door, is that a proper thing to criminalize just because
someone has bad security hygiene? And then other things are far more targeted
and circumventing; and I'm wondering, from a policy standpoint, where you feel
the law should draw the line.
Duncan: So I have to be honest. So for my interest
areas and the circles I travel in, we're kind of at the other end of the
spectrum, which is where do you draw the line between, say, crime and war. So
between, say, the Sony hack and the attribution of it to North Korea — is that
criminal behavior, albeit done by a Nations state; or does it somehow get us
into more warlike behavior or — things like Stuxnet, which reportedly was a
U.S. and Israel hack where you're spinning centrifuges out of control; and the
Natanz nuclear plant in Iran. And so I've spent a lot of time working on the
line between what's going to be an act of war and what's going to be a criminal
act. To be honest, I think we see, on the — what constitutes criminal activity,
you're right — it's an equally important area in terms of exactly what should,
say, the Computer Fraud and Abuse Act here in the United States deem as
criminal. It tends not to get as much attention on the international stage,
largely because the things that start to get attention from multiple
governments or multiple international organizations tend to be the higher level
threats. So the large bot-nets, the large data breaches, extensive use of
ransom-ware, or more direct exploits that are attacking, say, critical
infrastructure and the like. So that's kind of where we're seeing a lot of
disagreements over exactly where the line should be for something that would,
say, be an act of war — in which case you can hack back but you can also put
missiles in the air or boots on the ground, literally under the laws of war,
and there's obviously pretty dramatic consequences when you think about that
that could be something that started in cyberspace; versus activity that's bad
but that we would treat as criminal. And Interpol would reach out to the FBI or
vice versa, and they would try and engage in more traditional law enforcement
mechanisms to either cooperate to shut down a bot-net or what have you. And
that's kind of where my focus has been. And again, part of the problem with all
of this is, even in this high-level stuff, figuring out who's doing it really
complicates the legal inquiry.
Denise: Right. And I think that the question you're
more familiar with grappling with is a critically important question of drawing
the line between criminal activities and war. So why don't we talk more
specifically about North Korea and the Sony hack. First of all, we've gone back
and forth on this show and elsewhere on our network here about the solidity of
the information that points toward North Korea. Do you have an opinion on that?
Duncan: Oh, so with an asterisk, I think that the U.S.
is pretty likely to be believed here for having attributed it to North Korea. I
mean, obviously, this week the New York Times reports that it was not just
technical attribution, that it's not just tracing it back through the channels
to identify it from North Korea; but the fact that the U.S. — or the Nsa, more
specifically — was in North Korea's networks as all this was going on, and so
was able to identify it from North Korea kind of through what we'd call secondary
intelligence — that is, not literally doing attribution on the attack itself,
which I think — you're right. There was a lot of chatter back and forth about
whether just based on what we were seeing from the Guardians of Peace, whether
you could say, Oh, that's North Korea; or was it really an insider or what have
you. The U.S. comes out and says, No, no, we know; trust us. People were not so
trusting of the U.S.; but now, this week, we're seeing evidence suggesting that
part of the reason the U.S. was so sure was that they had kind of inside
information from other intelligence, right, that they were already in North Korea's
networks. I guess why I believe the U.S. is, over the last six, seven years,
there have been plenty of hacks where the back-chat was that there was a
government that was responsible. This was a Russian one; this was the Korean;
this was a Chinese one. And we haven't seen — other than last summer when the
U.S. indicted five People's Liberation Army officers from China, this is only the
second time we've seen the U.S. come out and say, We know who did this, and it
was a foreign government, in this case, North Korea. So I think, particularly
the speed with which the U.S. did it and the fact that it's so rare for them to
do it, at least leads me to believe that it is North Korea. The one asterisk
is, there was a time — as some of your viewers may recall — where the U.S.
government was equally convinced that there were weapons of mass destruction in
Iraq, and that one was wrong. So is there a possibility that the NSA was
getting misled somehow and thought they were in the North Korean system, and
someone was sending them off on a wild goose chase or making it look like North
Korea? I suppose history suggests that's possible; I just don't really believe
it in this case.
Denise: Okay. Sarah, any thoughts about the North
Korean situation and the solidity of the information about the hack; and
specifically, what are your thoughts on whether this is the kind of thing that
could escalate to a militarized response?
Sarah: I guess — I mean, I certainly defer to Duncan
in terms of whether or not it was — we have good evidence that it was North
Korea. I'm really curious, actually, to follow up on something Duncan was just
saying. You were talking about that you deal a lot with the line between war
and crime; and I'm curious where terrorism falls there. Is that — in the
physical world, we're often grappling with this pull between what's terrorism,
and where does it cross the line over to war? I imagine that's an issue that
you deal with in your domain, too; and I'd love to hear you talk about that a
little bit, if you don't mind.
Duncan: Sure. So if you look at the history of
terrorism, terrorism started out as a criminal behavior. If you go back to the 1970s
and high jackings, everybody said, Oh, this is horrible behavior; it's
criminal. And then, over time, people began to say, You know, it's not just
criminal; there's something else going on, whether it's the state-sponsored
terrorism in particular. And most notably, of course, was after September 11,
when you have the Bush Administration saying it's not crime; it's war, and it
should be regulated entirely as a matter of war. So you kind of had two camps:
the crime camp, and then there were some folks who said, It can be both. It's
both crime; it's both war. We can use the tools of both to try and regulate it.
And then, there's been some folks who say, Terrorism should actually be a
discrete, third category, and we should kind of have a whole separate system.
Just like we have laws for war and we have criminal law, we should have laws
for terrorism. Sadly, with respect to just regular old terrorism, we haven’t
gotten that far. We have a number of treaties that have nations cooperate on
combatting terrorist financing, terrorist bombings, high jacking, and the like;
but it's also important to note that internationally there's no fixed
definition of terrorism, that things like the Palestinian situation and
elsewhere have made it very difficult for countries to agree on what terrorism
is. So that complicates how international law deals with it regularly. For
better or worse, when it comes to cyberspace, what we tend to see these days is
terrorists' use of cyberspace for various purposes — propaganda, recruiting; we
have not seen yet terrorists actually using cyberspace to perpetuate, say, a
terrorist attack — that is, poisoning a water filtration plant or tackling a
civilian nuclear reactor — kind of these Armageddon-like scenarios that you'll
see suggested. So for better — probably for better — we haven't had to grapple
yet with how we're going to deal with "cyber terrorism" because we
haven't seen it yet. The history with respect to terrorism at large suggests
it'll be hard to figure it out and that some nations will say, Oh, it's
criminal, and you shouldn't treat it like an act of war; and other nations will
say, No, no, you're wrong. We can use our military forces and detention
operations and all that goes with it to deal with these threats.
Sarah: Yeah. I figured if we're still grappling with
it in the physical world, then I imagine we're that much farther behind in
thinking about it when it comes to the digital; but it's really an interesting
thing to think about.
Duncan: Yeah. No, and —
Denise: And the other interesting thing to think about
is not responding in the typical way that things are militarized, but as Duncan
referred to previously, responding in a way that militarizes cyberspace. And
sort of eye for an eye; but this time,
companies' internal documents for companies' internal documents or some other
kind of retaliatory strategy. How does that all play out, Duncan?
Duncan: So it's interesting, right? So the
militarization of cyberspace really depends on where you sit. So to give one
example, for what we called international humanitarian lawyers — that is, the
folks who work on the laws of war — they're all very comfortable with what the
rules in warfare are; and the rules in warfare are pretty simple. You can
attack military objects, but you cannot attack civilian objects. You're
supposed to protect civilians and separate them out. But what we've done in the
real world is, what happens if an object's used both by civilians and military
— say, a power plant powers both a military base and civilian facilities? Where
stuff's used by both, international law says, Oh, it's military, and you can
attack it. Now, you translate that to cyber. That creates a real problem when
we think about the fact that the military, including the U.S. military, runs so
much of their communications and the like through the Internet. They use many
of the same service providers that you or I use for services. Does that
suddenly mean that all this — things like Skype — are suddenly in some ways
open to attack in a military conflict? And militaries seem fairly sure that the
answer is yes, although from other quarters, people are saying, You know, that
may have worked in the twentieth century, but we're not sure it works in the
twenty-first. So on the one hand, you've got that. On the other hand, you do
have this line between, how do we sort out technology that's largely driven by
data and communications — what do we want to consider to be military in nature
or not? And so one of the things is drawing the line. Like, for example, the
Sony hack — no one's saying that was an act of war. Obama described it as cyber
vandalism; and the analogy that's probably more appropriate is, a lot of this
stuff so far has been espionage, right? Peeking in, looking at people's data,
getting access to it, maybe learning from it things that you could use in a
real conflict — plans for people's power grids or the like. But by and large,
to the extent it's espionage, international law's just kind of shrugged its
shoulders at that going in the past. But what we do see — and I think it's
really important for people to understand — is that since, say — there was kind
of attacks in Estonia in 2007 — militaries have woken up; and they are thinking
about this as a domain, and they are investing millions, if not billions, of
dollars; and tens of thousands of military forces are now thinking about
cyberspace in the way they used to think about airspace or the oceans as a
platform on which they can launch and defend against attacks. And we really
haven't figured out how they're going to segregate that from you and I and how
we use the Internet and information technology.
Denise: Lauren, I know this is a little far afield
from net neutrality and thinking about the regulations of businesses and the
way the Internet is delivered on that front as opposed to, perhaps, the
Internet being taken down by a cyber terrorist; but I don't want to leave you
out of this conversation. Just wondered if you were having any thoughts as
we're going along here exploring these issues.
Lauren: Well, I have read some of Duncan's writing,
and I think it's really interesting, the discussion surrounding how you draw
the line between what is a crime and what's an act of war. And I kind of
connected that to something Duncan said about how we define terrorism; and
unfortunately, sometimes I think terrorism is defined by who is committing the
act and what political aim they are shooting for, what ideology they support.
And so I think that complicates the discussion even further when we're trying
to determine who is a criminal versus who is a terrorist and whether there is
cyber terrorism or threats domestically. I don't know if that will be a civil
cyber war where you have Americans versus Americans in one group, committing
cyber crimes against one another; or if you have policies or actions that
really severely kind of limit the digital rights of one group. Should that be a
crime? Is that a form of cyber terrorism? And if we follow Duncan's writings,
should there be a duty to assist those people? And so that's just what I was
thinking about.
Denise: Right. Excellent points. Duncan, do you have
any response?
Duncan: Yeah. So I'll say two things: One, the duty to
assist idea was my response to what we'd say is the attribution problem, which in
cyberspace, unless you're unlucky, stupid, or somebody does have secondary
intelligence, often you can hide your identity and perpetuate whether it's
criminal activity or militaries doing these things. Which is why, for example,
there's still some folks who are doubting the idea that North Korea did the
Sony hack. That attribution problem makes how we normally would use law
difficult, right? Normally, what law does is it says, Don't do X. And if you,
bad person, do X, we'll find you and punish you for that sort of behavior. The
difficulty is, well, if you can't find that person, if you can't identify the
bad actor — you can't even figure out if that bad actor is an individual, a
cyber criminal organization in Russia, or a foreign government like North Korea
— then it really makes it hard to know how that law's going to work. Is it even
going to deter behavior? Is it going to lead to anybody being caught? And
that's part of the problem with cyber crime right now, is the amount of cyber
crime versus the actual successful law enforcement efforts are really not well
aligned. And so part of what people have been thinking about is, can we come up
with other ways to regulate this space to make it safer? And there's a general
idea of what is called resilience, which is, how do we make our networks? How
do we make our data more secure in the face of an attack? Assuming attacks are
going to happen, assuming we're not necessarily going to be able to catch the
people who did it, can we just figure out ways to survive those attacks as best
we can? And that's why, for example, I'd argued for, say, an E-SOS or some sort
of digital assistance requirement that — for really bad things, where
somebody's critical infrastructure's knocked offline or what have you — is you
can ask for help and that other people would then be required to give it to
you, much like on the high seas. If your ship is sinking, you can put out an
SOS; and anybody who's nearby is legally required to come help you. And you
could actually sort through the offers of help if you're the sinking vessel and
say, Yeah, we need you to help us. It's a different way of regulating a
problem, right, because the SOS system regulates pirates, but it also regulates
hurricanes. It doesn't really matter who's causing your vessel to sink; the
idea is that the obligation is to help the victims when they need it. And so
that's kind of — again, people have been thinking in terms of how do we, at an
international level, try and start a conversation or start a set of norms that
everybody can agree on? Can we actually get a world where China, Russia, the
United States — not sure you'll ever get North Korea, but the major players —
India, the European Union, are all on the same page for at least some basic
minimum norms and how to deal with certain threats. I would say one thing about
the net neutrality is, although it doesn't seem like it's related to this
issue, I think in practice there is some ties in the sense that I think there
is that question of, well, who decides these things, right? And part of what's
going on in net neutrality is this fight about whether we're going to leave it
to companies to figure out how we're going to regulate bandwidth, or is an
individual government like the United States going to step in, or should there
be some international net neutrality principle that, as a matter of
international law, nobody is supposed to violate the net neutrality principles?
And that is, again, tied up with, I think, this larger looming battle over,
well, who's going to be in charge of cyberspace, or who's going to be in charge
of which parts of cyberspace, which is very much in play in the cyber terrorism
and the cyber war conversations where you have — certain actors are trying to
say, hey, we should be in charge of all of it. And others are saying, No, over
on this issue, net neutrality should be domestic legislation; but on things
like cyber war, yeah, we need the U.N., or a group of folks at the U.N., to
weigh in.
Denise: So sorry, folks; we just lost my video. But we
are at a great juncture in this conversation, and I definitely want to keep it
going. And that's a really interesting point, Duncan, that you just raised
about net neutrality on the international front. Can you, and then Lauren, tell
us what you know about moves in the international community to adopt net
neutrality principles similar to what the FCC here in the U.S. has been grappling with?
Duncan: So it's not an area that I know as much about,
so I'm hoping others will jump in. My sense is that it has been discussed about
the International Telecommunications Union — I think I mentioned the ITU before
— and they're certainly proponents of it. And then there are other countries
where — like, China, there's no net neutrality in China. But it is definitely
the sort of thing where folks are looking at taking it beyond an individual
country. It runs afoul of kind of another movement that we're seeing in the
post-Edward Snowden world which is data localization, which is that a number of
countries are working to keep their data in-country; and then that may have
consequences for what sort of services are going to get prioritized on their
bandwidth, local versus stuff coming over the national border, so to speak. But
that's — other than I know that it's an issue that ties into this question of,
well, who's going to decide these issues, the details are not my area of
expertise.
Denise: Lauren, do you know anything further you can
fill us in?
Lauren: I don't work so much on the international
front, but I do know a few things. Back in December, there was a proposal from
the U.S. in the — I think it's called the TISA or TSA. It's another iteration
of an international trade agreement; and it's actually not as strong as rules
in the EU or even what the FCC is proposing or what President Obama called for.
And it's pretty strange that the U.S. would push for weaker protections on an
international front, and it's definitely something that's problematic. The U.S.
proposal, pursuant to that trade agreement, the definition of what reasonable
network management is is not clear. So who knows what Internet service
providers could claim as a practice that they're using to manage their network.
And there's also an issue of a provision granting, I think, users access use to
kind of the content of their choosing; and that raises a red flag because it
paves the way for what's called zero-rated apps. So a carrier could exempt a
certain application or website from a data cap, which is complicated because
people are, in a sense, getting what they want; but they're not really getting
that full, robust access to the entire Internet. And so we don't want to see
kind of people opting for cheaper plans just because apps are zero-rated and
then getting kind of a second-class Internet experience.
Denise: All right. And yes, I definitely want to get
into the nuances of what we're dealing with here in the U.S. and what the FCC
is going to have to decide very shortly here. But before we leave international
cyber law, let's talk about Edward Snowden on a couple of fronts. Number one,
he's a whole international cyber law conundrum in his own right; and number
two, he has given us access to a bunch of information that's pertinent to what
we've already been discussing here today, including some coverage this week
about some of the Snowden docs, that talk about how the NSA is preparing
America for all these issues. Can you speak to that for a second, Duncan?
Duncan: So sure. If you want to be cynical, this may
be the Snowden camp's efforts to kind of get back on the front pages in the
aftermath of the Sony hack; but what it basically does is, it's a series of
documents that details — so far, most of the Snowden documents emphasized what
we call the cyber exploitation aspect of what NSA does — that is, getting into
people's systems and scooping up data, [inaudible] it, learning things, right?
Basically getting information, getting intelligence. What this discusses is how
NSA is now moving into more offensive attack capabilities — that is, really looking
at different ways not only to find out what the power grid plan is, but then
how to use that planning to take it down when and if the U.S. military needs to
do so in a conflict. And it's not too surprising to me that NSA would be doing
that because, again, the United States military now has U.S. cyber command,
which is the military arm that deals in cyber along now; and the head of U.S.
cyber command is also the head of the NSA, so it shouldn't be so surprising
that the NSA'S NOW NOT JUST IN THE INTELLIGENCE-GATHERING BUSINESS BUT ALSO,
GIVEN ITS — WHATEVER YOU THINK OF THEM, THEY DO HAVE A HIGH LEVEL OF TECHNICCL
SKILL, THEIR ABILITY TO CAUSE DAMAGE, DISTURB, OR EVEN DESTROY STUFF VIA CYBER
ATTACKS. And so there was this Der spiegel release that came out. My sense is —
I haven't gotten a sense that it's gotten as much play in the United States. I
think DeflateGate seems to be taking priority over that. But — I wasn't
actually in Europe; I was in Zurich until Wednesday; and it was definitely
playing over there in much the same way that a lot of the earlier Snowden disclosures,
kind of further vilifying the United States as kind of an aggressor in
cyberspace, which can come back to bite it as it tries to get other issues that
it wants. Suddenly, people accuse the United States of hypocrisy on some of
this, and that makes it hard when the U.S. is out there advocating for things
like digital privacy or freedom of expression on the Internet. This sort of
stuff can get turned around on the United States and make it hard for the U.S.
and the diplomats that represent the U.S. to get what they want.
Denise: And how about Snowden himself? Have you been
following along the ins and outs of his travels around the globe and his
eventual, perhaps, prosecution?
Duncan: So I haven't been following that closely. I
mean, I think he's kind of in the same boat that — remember Julian Assange,
right?
Denise: Of course.
Duncan: We haven't heard as much from him. He's still
in the Ecuadorian embassy as far as I know. Right; this is where international
law both helps and hurts these guys — helps them in the sense that it probably
precludes the U.S. from sending in special forces to scoop him up. Certainly,
if they did so, (a) A place like the U.K. wouldn't be so happy. You know, there's
diplomatic immunity for Assange; and obviously in Moscow, you're dealing with a
whole different kettle of fish in Russia. But international law prohibits
states from going around and grabbing people wherever they want in the world.
On the other hand, it also limits their ability to move around and get where
they want. I think, certainly, Snowden is looking to avoid getting prosecuted
in the U.S.; but my sense is, the time in Russia is not as fond as maybe he had
originally anticipated. So these sorts of things can last quite a while. There
was an old story — I think someone was in the Vatican Embassy in South America
for something like seven years at one point in an earlier one of these stories
where a fugitive decided to hide out.
Denise: I suppose I'd rather be in Rome than in Russia
if given the choice. (Laughs)
Duncan: True, true.
Denise: Yes. All right. We're going to take a break
here for a second. We're going to wrap up our international law discussion by
looking at some potential solutions to the problem of regulating cyber stress,
including a duty to hack. I want to get into that with you, Duncan. But before
we do that, a couple of house-keeping matters here. Number one, thank you so
much, Patterson in IRC, for giving us a great first MCLE pass phrase for this
episode of This Week in Law. We put these phrases in the show for the various
jurisdictions around the United States — and goodness knows, with our
international focus, maybe this applies elsewhere, too — that if you are a
lawyer elsewhere in the world, you might also have a continuing legal education
requirement that you have to meet. And why wouldn't such a wonderful guest such
as we have today be a great candidate for satisfying those requirements? We're
not an authorized provider in any state, but you shouldn't let that stop you if
you're a loyal listener to the show, there are many ways that you can submit
individual programs and get credit. And we have a wonderful aggregation, at
least for folks in the U.S., of how you can go about doing that state by state
at our wiki. That's at wiki.twit.tv; find the This Week in Law page there, and
you'll find everything you need. And we put these phrases in in case — several
jurisdictions like folks to be able to demonstrate that they actually watched
or listened. So our first phrase for this show is "Casus belli." I'm
not even sure if I'm pronouncing that correctly. It is Latin which means, per
the terms of the TWIL drinking game handed down to us from time in memorium,
that now would be the time that you drink. (Laughs) Anytime we utter Latin and
various other things on the show. "Casus belli" is a Latin expression
meaning "An act or event that provokes or is used to justify war." So
it's wonderfully appropriate to what we've been discussing today.
And then the other house-keeping thing that
we're going to go ahead and take care of right now is thanking our first
sponsor of this episode of This Week in Law. Of course, we could not do this
show without the great sponsors on our network, and one of the sponsors that I
most enjoy telling you about is FreshBooks because I use FreshBooks, and I
couldn't have my law practice without it. It literally keeps the lights on and
the bills paid for me by making sure that I'm able to accurately and timely and
really conveniently invoice my clients and get paid. It's a super easy program
to use. Once you input a few addresses or recurring things, it kind of goes on
auto-pilot for you. It helps you track your time. You don't want to track your
time with a watch; it's much easier if your time and billing program is
actually doing that for you. All you have to do is open up the FreshBooks app
on your phone; you start the timer; and then that time is captured and
immediately gets translated into an invoice down the road. It bills for growing
businesses; and particularly when you have a small business such as my very,
very small law practice, it's important that you get your money in the door in
a timely manner. You really don't have any cushion to fall back on. And on
average, FreshBooks customers double their revenue in the first 24 months and
get paid an average of five days faster. That really makes a difference. You
don't want to be using Word or Excel or Google Docs to do your invoices; I hope
you know and get that it's just not professional and doesn't send the message I
think you want to send as a business. But FreshBooks sure does, and its
professional-looking invoices don't cost you a lot of time. They're really easy
to create in just minutes. You also can avoid those awkward emails and phone
calls to your late-paying clients. Somehow it's just a little nicer — I think
people are a little bit more amenable to a little tickler from your time and
billing program which you can set up easily in FreshBooks, rather than having
you have to get on the phone and say, Hey! Why haven't you paid me? It's a
little less awkward. You're going to spend less time on paperwork, and you're
going to free up up to two days a month to focus on more of what you love to
do, whether it's your work or your play. I'm all about things that make you
more productive, and this certainly does. Also, you can use FreshBooks to keep
tight track of your expenses — not just your time that you need to include on
invoices, but also the expenses for the things involved in the services you're
providing. All you do is snap a photo of a receipt right from your phone, and
it's instantly captured and will go right on your invoice for you. You can also
instantly access complete financial reports so you can keep track of those
expenses and be ready for tax time, right around the corner here. You can also
integrate FreshBooks with any apps you're already using — for example, Google
Apps, PayPal, Stripe, MailChimp, FundBox, Zen Payroll, and it works with even
more than those. And best of all, if you ever need help, don't worry about
waiting in a long phone queue and trying to get to the right person. You're
going to talk to the right person every time, and tech support is free forever.
So why wouldn't you try FreshBooks right now for free with no obligations? You
start your 30-day free trial by going to FreshBooks.com/twil; and please, when
you're there, it really helps us out if you can remember to enter "This
Week in Law" in the "How did you hear about us" section. Thank
you so much, FreshBooks, for your support of my law practice and also
supporting this episode of This Week in Law.
So Duncan, you sent me some wonderful proposed
strategies for dealing with these issues we've been discussing. One of them we
touched on already: an E-SOS for cyberspace. You might want to flesh that out a
little bit more for us. And I'm also super interested in your thoughts on a
duty to hack. So can you run through these points for us?
Duncan: Sure. So the E-SOS for cyberspace, again as I
suggested, is this idea that for maybe certain cyber threats — massive DDOS
attacks, say, on a nation state or attacks on critical infrastructure — not
your garden variety hacks, as it were. But that for certain hacks we might want
to have a system where the victim can call for help. Here in the U.S.
particularly, there's been a lot of resistance to trying to regulate cyberspace
and require people, or mandate people, to do certain things; and this would be
more of — the victim decides when they need help and who they could call for
help. And there's some great stories from the SOS world. One of my favorites,
actually, is a North Korean story where a North Korean vessel got attacked by
Somali pirates off the coast of Somalia; it sends out an SOS; and who comes and
saves the North Korean crew but the United States Navy, engaging in a gunfight
and arresting the pirates. And again, part of the idea is that even enemies can
cooperate against a common threat; and in cyberspace, there's certainly that
possibility. Part of what motivated it was, the Estonian hacks in 2007 were
almost — all the Estonian services, from banking, education, government,
universities, media, went offline for several weeks; and most assumed a
Russian-sponsored hack, or at least a DDOS attack that originated in Russia.
And when Estonia asked Russia for help, Russia kind of shrugged its shoulders
and said, We didn't do it, but we don't know who did; and let it stand. I guess
part of the idea for an E-SOS would be that you have to help. So even if you're
the one who caused it and you don't want to admit you caused it, you'd still
have to clean it up, is part of the idea. And I think there's some discussions
within places — not on a global level, but at NATO and again in the GG
conversations — where people are talking about, well, how do we do this? And I
don't know if the E-SOS idea is going to get picked up; but the duty to assist
is certainly something that's on the agenda right now internationally that's
being discussed. I know Microsoft, for example, actually has a cyber security
diplomacy team; and they, last month, came out with some suggestions, including
a version of a duty to assist. So it's an idea that I've been kind of flagging
for a few years now, but it's nice to see that some people are thinking about
it in the sense that — what's the harm, at least, in having a duty to assist?
It doesn't stop people from going after cyber criminals; it doesn't stop us
from thinking about what the rules are for laws of war or better ways to
regulate this stuff; but it could be a system in place as we see increasing
cyber insecurity to deal with that. So that's the duty to assist idea. On the
other hand, the duty to hack idea was my reaction in some sense to a lot of
attention and criticism and fear around using information technology in
warfare. A lot of people — there have been calls beginning in 1998 to ban cyber
weapons, to say, Nobody should use cyberspace for warlike purposes. I guess I'm
more of a realist; and I think, as we're seeing today, that's unrealistic. I
mean, governments are going to use it; they've decided that they can do amazing
things that they never could do before remotely, without risking their
soldiers' lives, to disrupt — whether it's companies like Sony or pipelines
like in Turkey or nuclear centrifuges like the Stuxnet virus. And given that
that is possible, the idea of the duty to hack is to start thinking about,
well, when and if should hacking ever replace bombs and missiles?
Denise: Right.
Duncan: That is what military folks call kinetic
attacks. And so the idea, basically, was to start thinking about when, if ever,
would we want to require states to hack first, right? Because the idea would
be, instead of blowing up the power grid before U.S. forces entered a city, why
not disable it temporarily until the forces move in place, and then you can
turn it back on with no requirement to repair anything and no collateral damage
in terms of lost human lives? Let me be clear: There is no real duty to hack in
international law right now; it's more of a thought piece —
Denise: Yeah.
Duncan: — that is trying to change the conversation
and think about, if we're militarizing cyberspace, is there any good that can
come of it? And I recognize it's a controversial idea, but it is one that people
are thinking about.
Denise: Yeah. It's a great one to think about. And
also, I love your concept of a global cyber league, something you see as a Red
Cross sort of movement for cyberspace. And what I see when I think about a
global cyber league is five or six folks in stretchy costumes with circuit
cords across their chests. (Laughs)
Duncan: (Laughs)
Denise: So why don't you elaborate? I'm sure I'm just
making light. But you like to make international law funny, so ... (Laughs) my
contribution to that.
Duncan: No, no. My 12-year-old daughter Margaret
actually gets credit for coming up with "global cyber league" because
I was like, "I need a name for this, and it can't be the Red Cross."
Denise: (Laughs)
Duncan: On a serious note — I mean, again, a colleague
of mine, Tim Maurer who's at New America, and I kind of have been talking about
how cyberspace is under-institutionalized. I mean, we certainly have ICAN, and
we have the IETF — Internet Engineering Task Force. But in terms of a policy
lens for figuring out, how do we deal with these most severe cyber threats,
there really isn't anybody out there that's not affiliated with the government
or not affiliated with some pre-existing international organization. So you
have things like NATO, which comes with baggage. Russia doesn't like NATO very
much, for example. And so you have these institutions that are trying to
protect cyberspace and make things better; but the reality is, there are other
states or other interests that don't like those institutions or don't like
those governments, and so there's a real lack of trust. And one of the things
that we kind of thought would be interesting would be, well, what about doing
what the Red Cross did for disasters and warfare? There was a time, right, when
militaries only took care of their own wounded, prisoners of war were
mistreated; and when disasters happened — bad things — people just died. And
then Henry Dunant, a Swiss businessman in Italy — or what was soon to be Italy
— at the Battle of Solferino, says, This is horrible. And he basically tried to
organize some aid after that battle and came up with this idea that what we
need are societies to just focus on assistance and do so impartially. It doesn't
matter who you are as a victim. If
you're a North Korean victim of a cyber attack, or are you somebody from
Silicon Valley, the idea is, all victims should get help; and it should be
given neutrally and impartially so that, for example, the Red Cross can come in
and visit people held by things like the FARC in Colombia that some people
think is a terrorist organization. But the Red Cross can get in because it has
that trust and everybody understands that it's going to be neutral, that it's
not going to take the information it finds and leak it to the press or give it
to intelligence agencies or economic
competitors and the like. And so there's actually a global conference on
Cyberspace coming up in April. It's part of what's called the London process,
which is this kind of — every couple of years, nation states at a ministerial
level gather to try and figure out how they're going to deal with cyber
security; and the Dutch are hosting it this April, and looks like we're going
to try and pitch that idea there. And I don't have any illusions that it'll be
successful, but at least trying to get folks to think about, well, what if we
did something similar in cyberspace? What if we had a Red Cross-like movement
and had similar structures just like national societies — the American Red
Cross — but there's also an international community of the Red Cross. Could you
do something in cyber? You already have certs, right? You already have computer
emergency response teams; but they're often tied to governments, and it's not
clear that people regard them as neutral or impartial. And so part of the
question is, well, what sort of assistance network could we craft that
everybody could trust and it could be neutral and deal with kind of systemic
threats to the Internet in terms of massive DDOS attacks or data breaches or
the like? And so that's the idea. Part of the joy of me being a law professor
is, I get to try and think these ideas and then see if we can't get those who
actually work with cyberspace, whether they're military government or technical
or industry folks, to see if it's possible. And so we're only at the beginning
of this conversation.
Denise: Right.
Duncan: But it's been interesting getting earlier
reactions to it.
Denise: The security clearances on the members of the
cyber league would have to be pretty high.
Duncan: Yeah.
Denise: Else they would just go around back-dooring
everybody, right?
Duncan: Right. No, I think it — I mean, you'd have to
develop an ethos, right? Like, just like if you become a Red Cross volunteer,
you work for the international community of the Red Cross. You actually take an
oath of neutrality. And there's a culture there where people take pretty
seriously that whatever nationality they're from, whatever their background,
while they're with the Red Cross, that's their primary identity. And that's the
idea here. Could you do something in cyber? And maybe you can't. Maybe the
intelligence interests or the zero-day market is just so strong that people
wouldn't do it. On the other hand, we're at a pretty bad place in cyber
security right now; and so I think it's time for some new ideas and at least to
try some trial balloons to see if we can't get to a better place. And so this
is just one of those ideas.
Denise: Yeah. Folks in IRC are calling them the cyber
avengers, so I guess we'll make our second MCLE pass phrase for this episode of
This Week in Law "Aid from Asgard," focusing just on Thor, of course.
Duncan: Yeah. And I'll take your point that they're
going to need uniforms.
Denise: Yeah.
Duncan: Yeah, I think that's going to have to be
required.
Denise: (Laughs) Definitely. Some sort of good logo,
if nothing else. Okay. So we've got our second pass phrase in there. I think —
first of all, I just want to thank you so much for sharing all these ideas with
us, Duncan, before we shift gears here. Really great stuff that I hadn't
thought about before, and I'm glad you're thinking about. And I do want to
shift gears over to talking about net neutrality because there's so much going
on just immediately this week and much coming up in the next few weeks with a
vote from the FCC. So Lauren, I'm going to kind of set the context a bit and
let you go from there and tell me if I've left things out. But we had, just
this week, hearings on some proposed net neutrality legislation. The hearings
seemed to garner a lot of controversy, and the proposed legislation does not
seem, from the challenges it was getting — mostly from the Democratic side of
the aisle — the proposed legislation doesn't seem like it will fly, although we
now have a Republican-controlled House and Senate; so who knows what will fly
or not? But that's been going on. Also what's been going on is, way back at the
beginning of this current iteration of the net neutrality discussion, when the
Verizon case was decided by the Second Circuit, it seemed — we had a bunch of
people on the show talking about the whole notion of Title II reclassification
and whether that could ever happen and how that was just kind of high in the
sky — maybe a good idea, but high in the sky. And now it's seeming like maybe
more of a reality; so I'd love to get your thoughts on that. And then, of
course, we have this vote that is coming next month from the FCC, which is the
result of the proposal that it put out last year and the comment periods that
have gone on in the wake of that proposal. And finally, a vote on an open
Internet rule that hopefully would pass legal muster in a way that the FCC's
first try at this did not. So Lauren, have I keyed that up enough for you?
Lauren: You have done a great job. Thank you. (Laughs)
Denise: Okay. Tell us about the legislation first. Did
you go to the hearings?
Lauren: I did go to both hearings, so I was on the
Hill all day from 9:30 a.m. until about 6:30, 7:00; and man. So I think the
bill did come about because members of the different commerce committees heard
that the FCC was going to move to reclassify broadband as a common carrier,
telecommunication service on February 26; and so I think they're trying to
preempt that move because that would mean a lot of good things for American
consumers. And it may or may not get at the profits of the largest Internet
service providers. And so by all accounts, this bill was written by the cable
industry and was put forth by the chairman of the House and Senate commerce
committees. And on its face, it may not seem that bad; but it's pretty
dangerous, and I think Republicans got at it in a very kind of sneaky way. The
legislation does ban certain forms of discrimination online; and notably, the
word "discrimination" appears nowhere in the draft bill. So that
leads us to believe that in the future, ISPs could discriminate in ways that we
haven't conceived of. All the bill does is speak to forms of discrimination —
paid per organization, blocking — that have already come up and that we know of
now. But there's nothing in there that would stop an Internet service provider
from discriminating on the basis of its vertically integrated products or
services, from zero-rating apps, from — who knows? — qualitative
discrimination. And we should be very fearful of that. And furthermore, you get
net neutrality, but this bill bans the FCC from enforcement and from acting in
order to do right by consumers; and it also banned the FCC from reclassifying
broadband as a telecommunication service. So you would get some basic form of
net neutrality, maybe; but you would be giving away telecom and giving away a
conception of the Internet as we know it that's free and open. And there's so
much more in Title II to protect consumers than just the authority to ban
discrimination. There are important protections for privacy, emergencies, other
types of discrimination that really go to
the heart of what the internet is and what any open communications network is
and should be. So I think the bill poses a very grave threat to the future of
the internet and by giving away title 2; sure you get net neutrality in some
short term but I think you lose it in the long term and you lose the larger
policy of openness and innovation that net neutrality really is after.
Denise: Tell me about sort of the political board game going
on here. We have the FCC coming up for its vote; we have this proposed
legislation in place or working its way through congress. Do you think that the
legislation is being put out there as a way to react to the FCC’s vote if it
does not go the way that the majority of congress would like it to go?
Lauren: Absolutely the bill is out there as a reaction to the
FCC’s upcoming vote. I doubt that they could get it through committee and the
whole congress in time. I think the way the bill started out was kind of a
bargaining chip. I think Republicans are
willing to drop some parts and definitely there are some carrots on the stick
to lure Democrats in but I’m optimistic that we can beat this thing down. The
FCC will absolutely vote 3-2 I think to reclassify.
Denise: That’s your call, 3-2 to reclassify?
Lauren: Yes I think this bill just means that we definitely
have more work to do on the hill but I think it can be done. Senator Thune sent
out a letter to the FCC today calling for more transparency in the process. One
talking point that they tried out recently is that no one has seen these new
rules and the new order reclassifying broadband and to me it’s kind of a
strange… because there was notice and comment in a public proceeding and
formally people have already spoken out and said that the internet is a common
carrier service and they asked the FCC to reclassify. There were draft rules
that were released in May and people said they were not good enough and so the
FCC went back to the drawing board and that’s why we’re at this stage. So I
think claims of a lack of transparency aren’t very genuine in my eyes and I
think there is a lot of danger in these new rules coming to light ahead of
schedule.
Denise: How big is this drawing board? What can we expect
after the vote? We’ll get a new set of proposed rules that you think will
involve reclassifying broadband as a common carrier. Is that just going to be
that and then it’ll be up to the courts to take a look at those rules and
decide whether the FCC has acted within its authority?
Lauren: Right, there will probably be litigation; the wireless
industry has said it would probably sue the cable industry, lobby and CTA which
is headed by former chairman Powell who is the one who gave away
telecommunication service in the first place. That’s really interesting to me
you know, he testified in the house and he kept saying the FCC could have put
itself in this position. It classified broadband as an information service and
he kind of acted like our hands were tied now. But he left out the fact that it
was his FCC that did that and that it was his call to put the internet under
the watchful eye of Comcast and Verizon and AT&T. So he said they would
probably sue; I think Verizon would probably sue again so I think we would see
litigation. I think we would absolutely see the FCC prevail. They are the
expert agency and there is definitely very robust record supporting
reclassifying broadband as a telecom service and the agency has contemplated
this for a long time so I think success is likely and then there will probably
be a lot of proceedings regarding forbearance. Title 2 is lengthy and we
certainly don’t need every provision that relates to plain old telephone
service. The commission can forebear for a lot of those provisions. So we’ll
see more rule makings and proceedings probably deciding which sections of title
2 we should keep and which sections we don’t need any more.
Denise: Ok, Sarah what do you think about these latest moves
in the net neutrality chess game?
Sarah: I think it’s an interesting move because I guess I’m
not convinced that the public really understands the implications of
reclassification and I’m kind of just going by the fact that I don’t feel that
I fully understand the implications myself. I do think the public
overwhelmingly is supportive of the idea of an open internet and not wanting
throttling, not wanting paid prioritization and those things but I don’t know…
in fact I’m fairly convinced that the public doesn’t really understand the
minutia behind it. So this bill kind of tests that by saying look we’ll deal
with the specific harms that everyone is agreeing are bad but we won’t go so
far as to let the FCC reclassify. So to me it’s kind of an interesting
strategic move. I have no idea whether or not it’ll work. I’m not close to
Capitol Hill at all and it sounds like it’s not going to but I did think it was
an interesting strategic move there.
Denise: Lauren you’re very much an advocate for title 2
reclassification and treating the internet as a common carrier and making sure
under that authority that paid prioritization and throttling and things are
difficult if not impossible to pull off but I’m curious as to your take on the
business side of the argument. The argument for different approaches to how we
deliver internet services and you were touching on this earlier with different
exemptions with beta casts etc. Shouldn’t the various industries delivering
things over broadband and providing broadband be given a little leeway to play
around with economic models?
Lauren: Where does it stop if you can do that? I think that undermines kind of the ideals
that this nation was founded upon. I don’t think anyone would suggest that when
this country was founded that the postal service should be able to charge more
money to certain people for delivering their mail. Everyone should have equal
access to the networks and those pathways that connect people to other people
and other businesses. So the idea that corporations should be able to kind of
toy with that model is a zero sum game – if you speed up some traffic you slow
down other traffic. To mess with that favors people with capital and people who
can afford to bear that cost and that seems so inherently unfair and anti to
everything we are about. The internet is a modern day postal service, a
printing press and I don’t think discrimination should be allowed on that open
pathway and I don’t see how discrimination could be good for anyone’s business
in the long run.
Denise: Just stick to the metaphor of moving around physical
goods and it’s not a perfect metaphor when we’re moving around bids but it is
good for business to have the postal service and Federal Express and UPS and
all kinds of competition in how you move things around and you’re going to pay
more for some of those services than you would for others.
Lauren: I think it’s different with parcel delivery because
USP; when I order my package next day and you order yours regular delivery; me
getting my package the next day doesn’t mean that you get your package any
slower. On the internet when there’s congestion that is exactly what that means
and so to harm others because someone was able to afford a premium is
inherently unfair I think.
Denise: Yes I’m with you there and I don’t envy the FCC trying
to grapple with these issues at all. I’m glad that we have people like you
helping advise them and helping them understand all the nuances.
Lauren: As a baseline matter whether the internet is a
telecommunication service I think making that call is not first a matter of
what is best for people or what is best for the internet. It’s a matter of law.
There is a definition of telecommunication service that says users directing
traffic between the points of their choosing and that is what you do with the
internet. So to say that it’s anything but I think someone has to be either
willfully deceiving their audience or truly they haven’t read the act.
Denise: Duncan it’s pretty important what the United States
ultimately does here isn’t it on the international playing field.
Duncan: Oh yes absolutely. The reality is the Snowden
disclosure certainly hurt the US market share in terms of our technologies but
the reality is what the US does has outside repercussions. But it’s not just
the United States so it has big influence. I don’t know if you’ve discussed on
the show before the European Court’s decision of the right to be forgotten from
last year; which is affecting how Google.com may operate going forward. So the
transnational impact of what happens when 1 country legislates a certain way
have been a long standing problem for cyber-space. It’s interesting having
talked to some folks at Comcast. ISPE and particularly the ones in the US don’t
tend to think about the question of how net neutrality impacts the rest of the
world but it’s certainly going to influence because there will be countries
that will look at what the US does and try and mimic it and then there will be
countries that will maybe choose to go in a different direction; to the extent
that it’s a network of networks. What we do here has effects elsewhere and then
there are repercussions that may circle back in unexpected or unanticipated
ways.
Denise: And what the United States does here could have a
strong impact on what it can access internationally and the efficacy of it
getting information from people who are not involved in paying for accelerated
access and that kind of thing, couldn’t it?
Duncan: Yes, I think that’s right.
Denise: Alright, let’s go around the table just one more time
with all of you and get your final thoughts on anything we’ve discussed today
before we go ahead and thank our final sponsor of the show and get into our
tips and resources of the week. Duncan is there anything that you feel like you
can synthesize and leave our viewers with to think about from what we’ve been
talking about today?
Duncan: I think a couple of things to be watching for if folks
are interested in this are this UN group of government experts that are meeting
in April. Are they going to be able to have any forward progress on what are
the rules of states in interacting in cyber space and also that global
conference on cyber security that is being held in The Hague in April is
another kind of thing to watch. The one thing we didn’t get too much time to
talk about is that President Obama’s part of the State of The Union; they ruled
out cyber security legislation again and the Obama administration wants it and
maybe with the Sony hack there’s now enough popular support for it to move
forward and just like on net neutrality if the US does manage to adopt cyber
security legislation which includes things like protection of information
sharing and more law enforcement authority; that’s going to affect not just how
users in the United States experience this technology but it’ll have global
affects as well.
Denise: Lauren I’m sure you’re going to be very busy over the
next month or so. Is there anything in particular that we should be paying
attention to?
Lauren: I would just urge everyone to reach out to their
member of congress and let their voice be heard and to resist the temptation to
buy into rhetoric like monopoly or regulation; utility regulations and just
really take into account that the internet exists because of title 2 of the
Communications Act. It’s a system of interconnected computers that researchers
were able to build because they did not have to ask phone companies for
permission to access those phone lines. There are other title 2 services that
exist today like your cell phone; like business broadband and those markets are
doing just fine and people are afford it. So protections and the ability to
seek recourse when they’ve been hurt and I think that’s really important going
forward because the internet as we can see is how we communicate with one
another now and it should be protected.
Denise: Alright, Sarah any final thoughts before we move into
our final segment of the show?
Sarah: I was just going to say I just really enjoyed this
conversation with Duncan; learning some of his ideas and I feel like even in
the span of this show I’ve gone from thinking the initial thought of
militarization of cyber space – my initial thought was that; wow that sounds
really scary and then I thought well compared to a situation where lives are at
stake in the physical world it can’t be more serious than that. Now I’ve gone back
to thinking you know there are unique risks there because there because it
would be easier; any effort the government makes would be easier to hide, it’d
be harder to avoid collateral damage and although the collateral damage would
be in the form of speech I can imagine there’d be an argument that it would be
easier to dismiss it and then it would be more pervasive. So I think there’s
really fascinating issues in there. That was a really good discussion so thanks
Duncan!
Denise: Yes I agree. As usual I’m coming away from the show
with much to think about and much more to read and for all of you that are
listening and watching we put together a bunch of resources and discussion
points that we’re looking at as we’re getting ready to view the show. We have
that list available for you if you want to do some further reading. For example
there is a piece by an Australian newspaper strangely that I found when
prepping for the show, about the tech policy points from the State of the Union
earlier this week and there are much more there too so you can check it out at www.delicious.com/thisweekinlaw/289. You’ll find links to many of the things we’ve been
discussing today and further writing from our guests and much more. Right now
we’re going to take a break. Before we get into our excellent tip and resource
of the week for you we’re going to thank our 2nd sponsor for this
episode of This Week in Law which thematically enough we have an international
flair to this week because the sponsor is Blue Apron and I’ve been busy this
week cooking spicy Korean beef with a Korean rice cakes and I’m not even going
to try – well I’ll just go ahead and try it and butcher the pronunciation of
this dish. It’s called Korean Style Tteok. It’s either tech or tock or
something like that; T.t.e.o.k; with spicy pork Ragu and gai lan. I was a
little bit trepidatious of making this dish. There were ingredients there I’d
never worked with like the gai lan and the rice cakes but this came out so
wonderfully delicious that I’m definitely putting it in my culinary repertoire,
especially because it was just plain simple to make when it came down to it and
I started chopping up the gai lan and figuring out how to cook it. It was all
easy to do and fun to do because that’s what Blue Apron does. It sends you
fresh wonderful high quality ingredients. I’m just blown away by how they come
up with recipes that are exotic and unique and yet easy to make and really fun
to make and not very time consuming to make. It just makes you look like a whiz
in the kitchen even if you’re not 1 in particular. You’re going to cook fresh
and delicious and easy every time you get 1 of these packages from blue apron
and I really enjoyed making this Korean dish. My family – you know I have a 10
year old who can be kind of picky about such things but we just wolfed this
down. But the good thing too is that the potions are really generous. The meals
that I make are really designed for 2 people but there’s always enough to feed
our family of 3 and even have left-overs for the next day in many cases. So
here’s how it works; you just pay $9.99 per person, per meal. Blue Apron sends
you a refrigerated box with high quality ingredients, fresh ingredients and
exactly the right portions and you get a simple step by step recipe card with
the ingredients. It comes right to your door; the ingredients itself comes from
local farms so you’ll be getting produce that is currently in season and at its
peak of freshness and I have yet to get an item of produce from one of these
nice cooler boxes that wasn’t just crunchy, crisp and wonderful. The meals are
only 500-700 calories per serving. You’d never guess that given how delicious
they are. They work around your schedule and your dietary preferences so when
you set up your account you tell them I don’t do shellfish or peas but I do
everything else and then they’ll send you your meals based on those
preferences. Cooking takes about ½ hour for each dish give or take depending on
how much chopping is involved. Shipping is always free and the menu is always
featuring new recipes. One thing I love is they pay attention to what is going
on in the world when they’re preparing their menus to send you. For example
we’re coming up on Super Bowl week, so next week’s menu is all about Super Bowl
friendly food. There is a chili, a pizza and spicy wings. So that’s a little
bit not their usual fair but makes perfect sense for the Super Bowl. So that is
pretty fun. I really loved this spicy Korean rice cakes dish that we got to
make this week and I have a chicken dish and a fish dish still to come in my
box that is their regular weekly shipment. You’ll be cooking incredible meals,
you’ll be blown away but the quality and the freshness; it’s fast, it’s fresh,
it’s super affordable and people are going to think you’re a gourmet chef and
in my case that takes a bit of convincing. So it’s wonderful to have a bit of
help. If you want to see what’s on the menu this week and get your first 2
meals free, then you’re going to go over to www.blueapron.com/twit. That’s right you’re getting 2 meals free just for
visiting blueapron.com/twit. I really encourage you to do it. It’s really
fabulous stuff. Thanks so much Blue Apron for the great meals and for your
support of our show This Week in Law. Alright so we’re moving on to our
resources of the week and I want to pick Sarah’s brain about a couple of them
because at least one of them relates directly to Creative Commons where Sarah
is counsel. It is called Team Open and what our resource is that you can pick
up off our delicious links is a list of game changing projects from Team Open.
Tell us about Team Open Sarah.
Sarah: Sure. This is round 2 of Team Open actually. They did a
round 1 I think maybe a year ago. It’s basically stories and interviews of why
10 people of projects chose CC licensing for their art, for their scientific
data, for their games like Cards against Humanity; for those of you who don’t
know about that game it is super fun and horrible at the same time.
Denise: I’ve heard of it but haven’t played yet.
Sarah: It’s definitely worth playing with the right crowd.
You’ve got to pick your audience. But they are really good, well written little
pieces and I think it’s really eye opening because it shows just all the
reasons that… the rationale different people had for choosing CC licensing and
it goes from just simply wanting to expand the reach of your work for
commercial purposes, for publicity purposes, to 1 artist was talking about that
making this very heart felt rationale about how she ultimately determined that
spreading her art increases its inherent value in a philosophical sense not in
a financial sense; then of course just wanting to break down barriers to
increase access to knowledge in the case of scientific data and some of the
educational examples. So it’s just an interesting set of anecdotes for people
to read so it’s a great resource.
Denise: We’ve got everything here from books to online
magazines to musical works. Do you have a favorite on this list? Not to put you
on the spot.
Sarah: Well probably Cards against Humanity just because I
love playing that game. It’s not one of the most serious ones on the list. I
was really interested in the one about Kallium Maize. She talked about how she
worried that licensing it under CC license would devalue it in a philosophical
sense and then she came around to thinking that actually that place puts more
value on it. So that was one of the best written and interesting ones but
they’re all great.
Denise: Right, I love this one by Shawn Bonner and Joy Ito; Safecast,
which was created in the wake of the 2011earthquake in Japan and it used open
sensor data to help people avoid hazardous areas so it’s great public safety
and health possibilities as well. Alright we have 1 more resource for you on
the copyright front at the end of every year certain new works come into the
public domain and here in January of 2015 several new works have entered. All
of the works from - what year are we in now; Sarah do you know?
Sarah: I was just going to look that up. What is it?
Denise: It is way back there. But anyway focusing on our list
here of things that have come into the public domain we have works by
Kandinsky, Edward Mootch, Edith Sitwell, Piet Mondrian, Anton Dupree; lots of
great wonderful creators throughout time. Ian Fleming and many, many, other
works have come into – not all of their works but works from a particular year
have come into the public domain as of the turn of the calendar. So do you have
anything else to add here Sarah?
Sarah: No I don’t think so. I noticed I tweeted about that a
couple of weeks ago. I just thought it was kind of amusing to think about how
old these works are and how they’re just now falling into… maybe it’s more
depressing than amusing but they’re just now going to public domain.
Denise: Yes I know but people might tend to forget about the
public domain and the fact that there are wonderful works out there that will
continue to be added to the public domain so it’s worth paying attention to and
considering whether you need to go to istockphoto or maybe use something from
public domain from Edward Mootch. That would be perhaps a good solution. Our
tip of the week has to do with prisons and pirates and I sort of thought of
this in the category of it takes one to know one but Universal Music is suing
something called the Keith Group and what the Keith Group does is work with
families of prisoners; people in prison and being incarcerated in the United
States and sells them care packages that will be delivered to their family
members in prison. One of the things included in these care packages are sound
recordings mixed tapes including works by M&M, Jackson Brown; because if
you’re in prison why wouldn’t you want to listen to M&M and Jackson Brown
side by side. Universal Music is not happy about the fact that these mixed
tapes are not licensed from the recording industry and is suing. So the tip to
be gained from this is I guess don’t think because you’re selling pirated music
to people who might themselves be pirates that that’s going to keep you in the legal clear. The
suit of course, as do so many of these kinds of copyright suits, seeks the
maximum 150,000 dollars in damages per music track being infringed. So it is
potentially quite a high dollar lawsuit and it has just been filed so we won’t
know for quite some time probably how this is going to shake out but it caught
my eye this week and I thought it was kind of interesting. Alright folks this
has been a really fun show. Sorry I’ve only been able to join you by phone.
That is uncommon for how we do this show but I’m glad we were able to keep it
together and to keep the show going. Sarah Pearson, it was great to have you on
and looking to having you regularly on in 2 weeks and thereafter.
Sarah: Yes me too. I’m really looking forward to it.
Denise: It’s going to be fun. Duncan I really can’t thank you
enough for taking time out from your duties teaching and being associate dean
at Temple, to help us grapple with these really interesting and really
difficult international cyber law issues.
Duncan: It was a pleasure. Thanks for having me.
Denise: It was great having you on the show. Lauren I can’t
thank you enough for taking time out from attending hearings and paying attention
to maybe one of the most wide ranging issues in the US on the legislative
agenda right now. One that touches all of us and certainly touches how we will
access the internet and how much it will cost us and just you know couldn’t be
more pleased that folks of your caliber are advocating and thinking and
engaging on these issues and helping the FCC grapple with its hard task in
charting its course here.
Lauren: Thank you. I had a great time talking with your
listeners.
Denise: Alright. Folks I’m so glad you all could join us
today. It’s wonderful when you can join us live. We record the show, live every
Friday at 11:00 Pacific time, 1900 UTC. If you do that then you can jump in our
IRC chat and help us out during the show. If you can’t do that don’t worry,
you’re going to find all the shows including the one we’re recording right now
at www.twit.tv/twil. We’re on YouTube as well at thisweekinlaw there and
in iTunes on the Roku, however it’s easy to get This Week in Law on your
favorite device whether it’s television, your phone, your iPad, other tablet,
however you might like to watch and wherever you might like to be. We’ve got
all kinds of ways you can do that if you go to www.Twit.tv/twil; it has got the
whole list of ways you can subscribe to the show. If you are an iTunes
subscriber it’s always nice to get reviews there. I forget to remind people to
do that but I think a lot of people listen to the show in iTunes and we’d love
to get your feedback there. It helps us out a lot. We love to get your feedback
other places too. Of course you can always email me. I’m denise@twit.tv. Sarah we’re going to have to get you your own twit.tv
email address soon. I’ll put that on my list of things to do. Hopefully we’ll
get that in place by the time you’re next on the show but in the meantime you
can reach both of us on Twitter. Sarah you’re @ssinchpearson. I’m @dhowell on
Twitter and so it’s a great way as you’re reading through your synthesizing
issues that relate to technology and the law. During the week just shoot us a
reply there and let us know what you’re reading and think you might want to
hear on the show coming up. Let us know a guest that you think might be
wonderful on the show. You can do that on Facebook and also on Google Plus. All
of those ways work. We’re really thrilled that you’ve been able to join us
today however you’ve done so and we’ll see you again next week on This Week in
Law! Take care.
